{"id":38475932,"url":"https://github.com/sansneo/au","last_synced_at":"2026-01-17T05:20:02.848Z","repository":{"id":311953983,"uuid":"1042168756","full_name":"sansneo/au","owner":"sansneo","description":"Highly configurable single static binary local authentication server!","archived":false,"fork":false,"pushed_at":"2025-11-21T10:10:04.000Z","size":311,"stargazers_count":9,"open_issues_count":1,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-11-21T12:09:25.285Z","etag":null,"topics":["au","authentication","jwks"],"latest_commit_sha":null,"homepage":"https://pkg.go.dev/github.com/sansneo/au/","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sansneo.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":"audit/ffuf.sh","citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-08-21T15:32:29.000Z","updated_at":"2025-11-21T11:46:16.000Z","dependencies_parsed_at":"2025-08-28T02:04:51.011Z","dependency_job_id":"62d71afc-b8e9-4331-a601-6ff21349f598","html_url":"https://github.com/sansneo/au","commit_stats":null,"previous_names":["sansneo/au"],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/sansneo/au","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sansneo%2Fau","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sansneo%2Fau/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sansneo%2Fau/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/
hosts/GitHub/repositories/sansneo%2Fau/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sansneo","download_url":"https://codeload.github.com/sansneo/au/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sansneo%2Fau/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28498666,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-17T04:31:57.058Z","status":"ssl_error","status_checked_at":"2026-01-17T04:31:45.816Z","response_time":85,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["au","authentication","jwks"],"created_at":"2026-01-17T05:20:00.688Z","updated_at":"2026-01-17T05:20:02.840Z","avatar_url":"https://github.com/sansneo.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# au\n\u003e Hyper configurable local authentication server in a single executable.\n\nStop reimplementing authentication, it's hard to make it secure and even if you can it's really time consuming.  \nPeople would often point you to third party remote solutions or something local like this one.  \nIntroducing `au`, blazingly  fast, unopinionated and headless authentication solution!\n\n\u003e [!WARNING]\n\u003e This is a toy and very much still in development not to be used for anything in production.  
\n\u003e You gotta love the idea though!\n\n## Usage\nStart an authentication API with no extra features enabled.\n```sh\nau\n```\nStart an authentication API on port `2300` using an in memory database and TOTP as a MFA method.\n```sh\nau -p 2300 -d \":memory:\" -t\n```\nAll the available options!\n```\nUsage: au [--port] [--prefix] [--rate-limit] [--database] [--journal-mode] [--pepper] [--bcrypt-cost] [--jwt-issuer] [--jwt-expiry] [--refresh-expiry] [--locking] [--failed-attempts] [--lockout-time] [--totp] [--totp-skew] [--totp-length] [--totp-algorithm] [--smtp] [--smtp-user] [--smtp-password] [--smtp-address] [--smtp-port] [--smtp-from] [--smtp-template] [--origins] [--documentation] [--version]\n\nOptions:\n  --port, -p             specifies API port [default: 6900, env: PORT]\n  --prefix, -u           specifies API subrouter prefix [default: /api, env: PREFIX]\n  --rate-limit, -r       specifies a rate limit rule for an endpoint (format '/auth/login:10:1h:3h') [env: RATE_LIMIT]\n  --database, -d         specifies database path (can be ':memory:') [default: ./auth.db, env: DATABASE]\n  --journal-mode, -j     specifies database journal mode (must be 'DELETE', 'WAL', 'TRUNCATE', 'PERSIST', 'MEMORY' or 'OFF') [default: DELETE, env: JOURNAL_MODE]\n  --pepper, -w           specifies an optional password pepper [env: PEPPER]\n  --bcrypt-cost, -b      specifies bcrypt cost factor (must be between 10 and 14) [default: 12, env: BCRYPT_COST]\n  --jwt-issuer, -i       specifies the JWT issuer [default: local, env: JWT_ISSUER]\n  --jwt-expiry           specifies JWT expiry (format 1h, 30m, 15s) [default: 30m, env: JWT_EXPIRY]\n  --refresh-expiry       specifies opaque reference refresh token expiry (format 1h, 30m, 15s) [default: 24h, env: REFRESH_EXPIRY]\n  --locking, -l          specifies whether to enable/disable account locking [default: true, env: LOCKING_ENABLED]\n  --failed-attempts      specifies maximum failed login attempts before account locking [default: 10, 
env: LOCKING_ATTEMPTS]\n  --lockout-time         specifies account lockout time (format 1h, 30m, 15s) [default: 1h, env: LOCKING_TIME]\n  --totp, -t             specifies whether to enable/disable TOTP as a MFA method [default: false, env: TOTP_ENABLED]\n  --totp-skew            specifies TOTP skew [default: 1, env: TOTP_SKEW]\n  --totp-length          specifies TOTP codes length (should be 6 or 8) [default: 6, env: TOTP_LENGTH]\n  --totp-algorithm       specifies TOTP algorithm (must be 'SHA1', 'SHA256', 'SHA512') [default: SHA1, env: TOTP_ALGORITHM]\n  --smtp, -s             specifies whether to enable/disable SMTP for account verification and recovery [default: false, env: SMTP_ENABLED]\n  --smtp-user            specifies SMTP server user [env: SMTP_USER]\n  --smtp-password        specifies SMTP server user password [env: SMTP_PASSWORD]\n  --smtp-address         specifies SMTP server address [env: SMTP_ADDRESS]\n  --smtp-port            specifies SMTP server port [env: SMTP_PORT]\n  --smtp-from            specifies SMTP from email [env: SMTP_FROM]\n  --smtp-template        specifies path to email HTML template [env: SMTP_TEMPLATE]\n  --origins, -o          specifies CORS origins [env: CORS_ORIGINS]\n  --documentation        specifies whether/disable to serves API documentation [default: false, env: DOCS_ENABLED]\n  --version, -v          show current version and exit\n  --help, -h             display this help and exit\n```\n\n## Design\n* Runs no matter what and everything is customizable with a flag.\n* Follows RFCs and best practices unless specified differently.\n* Has a manual page and an OpenAPI specification optionally served with ScalarUI.\n* JWKS instead of JWT secrets by default and Opaque Reference Tokens triggering IP and User Agent validation by default, limiting a stolen JWT's potential damage!\n* Extensively audited against the OWASP TOP 10 including BOLA, CSRF and XSS.\n* Static analysis and anti debugging in release builds!\n* Very well 
documented and aiming for high unit test coverage for each package.  \n\n\u003e [!NOTE]\n\u003e Can't believe I understand all of these things.\n\n## Installation\nGrab a [release](https://github.com/sansneo/au/releases) for your architecture and operating system or do it another way.\n### With Go's toolchain installed\n```\ngo install github.com/sansneo/au/cmd/au@latest\n```\n### From source\n```\nmake\n```\n### Using Docker\n```\ndocker build -t sansneo/au .\n```\n## Debugging with Delve\nIt's an API, so you need to attach to the process using the PID.\n```\ndlv attach $(pgrep au)\n```\n## Screenshots\n![refer](./screenshots/refer.png)  \n![refer](./screenshots/request.png)\n\nInspired by modern tools such as [fzf](https://github.com/junegunn/fzf), [rg](https://github.com/BurntSushi/ripgrep) and [fd](https://github.com/sharkdp/fd)\n\n### Contributions\nCheck out [TODO](./TODO.md) and send a PR for me to review!\n#### Bounties\nFor a big PR I will buy you a Yogurt I like. Motivated yet?\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsansneo%2Fau","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsansneo%2Fau","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsansneo%2Fau/lists"}